Norton Healthcare, a prominent Kentucky-based non-profit healthcare system, recently confirmed a significant breach compromising the personal data of millions of patients and employees, TechCrunch reports.

The group behind the attack, known for previous breaches involving entities such as MGM Resorts and Reddit, infiltrated Norton between May 7 and May 9, exposing a distressing collection of sensitive information, including names, birth dates, Social Security numbers, health and insurance details, and medical identification numbers.

Even more alarming, for some individuals, the compromised data extended to financial account numbers, driver's licenses, government IDs, and digital signatures.


Cyber Attack Targets Another Healthcare Institution

This breach, affecting an estimated 2.5 million individuals, stands as a stark reminder of the vulnerabilities within healthcare systems. Norton Healthcare, comprising over 40 clinics and hospitals in and around Louisville, Kentucky, represents the city's third-largest private employer, boasting a workforce exceeding 20,000 employees and over 3,000 medical providers.

TechCrunch tells us that in a candid disclosure to those affected, Norton Healthcare admitted that despite a "time-consuming" internal investigation concluded in November, it remains uncertain whether the accessed data was encrypted. 

The healthcare provider clarified that the breach did not penetrate its medical record system or Norton MyChart, the electronic medical record system, providing a semblance of relief regarding patient-specific medical data.

However, the extent of the breach's aftermath is still unfolding. Notorious ransomware group ALPHV/BlackCat claimed responsibility for the cyberattack, alleging extraction of nearly five terabytes of data. 

Norton Healthcare stated that it did not comply with the ransom demands; law enforcement was promptly notified of the incident.

The same hacking group reported its own infiltration of MeridianLink to the SEC just a month ago. With negotiations proving fruitless, the hackers took advantage of a recent SEC rule requiring companies to report "material cybersecurity incidents" within four business days.


An Alarming Trend in US Healthcare System Breaches

This breach at Norton Healthcare emerges in a landscape riddled with similar cyber intrusions into US-based healthcare systems. The US Department of Health and Human Services (HHS) reported an alarming surge in breaches, citing more than 88 million individuals affected in 2023 alone, an unsettling 60% increase from 2022.

Comparatively, other healthcare breaches in 2023 compound the growing concern for data security. TechCrunch notes that HCA Healthcare, a major healthcare provider, suffered the largest breach, exposing data from 11 million patients. 

While Norton Healthcare's breach affected a substantial number, it is important to note the regional impact. Maine, with 385 affected residents, underscores the widespread implications of such security breaches across state lines.

The breach details, outlined in a disclosure to Maine's attorney general, paint a grim picture of external system hacking. The compromised information included personal identifiers like Driver's License Numbers or Non-Driver Identification Card Numbers, prompting concerns regarding potential identity theft and fraud.



Tech Times Writer John Lopez

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.